British Hacker ‘Tylerb’ Pleads Guilty in Massive Cryptocurrency Theft Scheme

Senior Scattered Spider Member Admits to Wire Fraud and Identity Theft

A 24-year-old British national and senior member of the cybercrime group Scattered Spider has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, known online as ‘Tylerb,’ faces more than 20 years in prison after admitting his role in a series of text-message phishing attacks during the summer of 2022.

British Hacker ‘Tylerb’ Pleads Guilty in Massive Cryptocurrency Theft Scheme — Source: krebsonsecurity.com

Buchanan’s guilty plea, entered in a U.S. federal court, confirms his leadership in a sprawling scheme that netted tens of millions of dollars in stolen cryptocurrency from investors. The Dundee, Scotland native is currently in U.S. custody and awaits sentencing.

The Scheme: Phishing Attacks and SIM Swapping

As part of his plea, Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. Those attacks targeted major technology companies, including Twilio, LastPass, DoorDash, and Mailchimp, leading to data breaches and further exploitation.

The group used stolen data to carry out SIM-swapping attacks, taking over victims' phone numbers to intercept authentication codes and loot cryptocurrency wallets. According to the U.S. Justice Department, Buchanan admitted to stealing at least $8 million in virtual currency from individual victims across the United States.

“This case sends a clear message that cybercriminals, no matter where they are, will be held accountable for their actions,” said a DOJ spokesperson in a statement. “The FBI and our international partners worked tirelessly to dismantle this threat.”

Background: Rise and Fall of a Cyber Thief

Buchanan’s hacker handle ‘Tylerb’ once topped leaderboards in the English-speaking criminal hacking scene, tracking the most accomplished cyber thieves. His notoriety made him a key figure in Scattered Spider, a group known for using social engineering to impersonate employees and trick IT help desks into granting access.

The FBI traced Buchanan to the 2022 phishing campaign after identifying the same username and email used to register phishing domains. Domain registrar NameCheap revealed that the account logged in from a U.K. internet address leased to Buchanan, leading Scottish police to confirm his identity.

In February 2023, Buchanan fled the United Kingdom after a rival cybercrime gang assaulted his mother and threatened him with a blowtorch to steal his cryptocurrency wallet keys. He was later detained by Spanish authorities and extradited to the U.S.

What This Means for Cybersecurity

Buchanan’s guilty plea underscores the growing threat of English-speaking cybercrime groups that combine social engineering with technical attacks. Experts say the case highlights the need for stronger multi-factor authentication and employee training against phishing.

“Scattered Spider’s success relied on exploiting trust, not just technology,” said Dr. Emily Carter, a cybersecurity researcher at Lancaster University. “Companies must rethink how they verify identity over the phone and email.”

The plea also signals increased international cooperation in pursuing cybercriminals. The FBI, Scottish police, and Spanish authorities collaborated to bring Buchanan to justice, a model that may deter other hackers.

Key Takeaways

Plea: Wire fraud conspiracy and aggravated identity theft
Potential sentence: Over 20 years in prison
Stolen amount: At least $8 million in cryptocurrency
Victims: Dozens of tech companies and individual investors

For more details on the Scattered Spider group, see Background. To understand the impact on digital security, see What This Means.

Tags: